A weakness in the dynamic loader has been found, making glibc of versions prior 2.22.90 affected. LD_POINTER_GUARD in the environment is not sanitizaed allowing attacker to easily bypass the pointer guarding protection on set-user-ID and set-group-ID programs.
Reproducing steps available at:
Created glibc tracking bugs for this issue:
Affects: fedora-all [bug 1260583]
CVE has been requested, still no response:
glibc-2.21-11.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Seems like WONTFIX is not the correct resolution here?
The glibc pointer guard is a post-exploitation mitigation mechanism. As such, it is only relevant if there are exploitable security vulnerabilities in the system. Therefore, applying available security updates to the system is a possible mitigation for this issue.
In typical deployments, environment variables can only be set by users with shell access. Restricting shell access to trusted users is another possible mitigation.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2017:1916 https://access.redhat.com/errata/RHSA-2017:1916